MFA for Azure Portal Admin

Question

Hello, I just realized that there will be a mandatory MFA for the Azure portal. I'm not an admin of our Entra directory. What should I request to our admin of Entra directory?

Answer 1

Hello FPI Erick Aspiras(Erick Aspiras),

Thanks for your question.

For the Azure Portal, by default MFA is required. So you can ask the admin to check if your MFA is already enabled under:

Microsoft Entra Admin Center → Protection.

Make sure your mobile number, email, and authenticator app are properly registered under:

https://mysignins.microsoft.com/security-info

See: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-mandatory-multifactor-authentication

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola

Answer 2

Hi @FPI Erick Aspiras(Erick Aspiras)
Yes, there will be a mandatory MFA for the Azure portal. You need to request the following methods to your admin.
Check whether you have registered MFA by clicking on https://myaccount.microsoft.com/. If it is not registered reach out to admin to re-register or revoke MFA sessions.

There are three ways to enable multifactor authentication that is Security Defaults, Per User MFA, Conditional Access (CA) Policy.

Microsoft 365 for business gives you the option to use security defaults or Conditional Access policies to turn on MFA for your admins and user accounts. For most organizations, Security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies.

For security default and per user MFA no need of premium licenses whereas for conditional access policy you need to have premium P1 license.

• To enable security defaults, follow these steps:

1.Sign in to the Microsoft Admin Center as a Security Administrator.

2.Browse to Identity > Overview > Properties.

3.Select Manage security defaults.

4.Set Security defaults to Enabled.

5.Select Save.

For more information: https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=secdefaults#next-step

• To enable per user MFA, follow these steps:

1.Sign in to Microsoft 365 admin center.

2.Navigate to Users > Active users > multi-factor authentication.

3.Select the users for whom you want to turn MFA.

4.Click the “Enable” option that appears to the right of the table of users.

5.Click “Enable Multi-Factor Authentication” on the confirmation screen.

• To enable conditional access policy, follow these steps:

1.Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator. 2.Browse to Protection > Conditional Access > Policies.

3.Select New policy.

4.Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.

5.Under Assignments, select Users or workload identities.

6.Under Include, select All users

7.Under Exclude select Users and groups and choose your organization's emergency access or break-glass accounts.

8.You might choose to exclude your guest users if you're targeting them with a guest user specific policy. Under Target resources > Resources (formerly cloud apps) > Include, select All resources (formerly 'All cloud apps').

9.Under Exclude, select any applications that don't require multifactor authentication.

10.Under Access controls > Grant, select Grant access.

11.Select Require authentication strength, then select the built-in Multifactor authentication strength from the list.

12.Confirm your settings and set Enable policy to Report-only.

13.Select Create to create to enable your policy.

14.After administrators confirm the settings using report-only mode, they can move the Enable policy toggle from Report-only to On.

Hope this helps. Do let us know if you have any further queries.  

------------  

If this answers your query, do click Accept Answer and Yes if this answer helpful.